DATA FILE DESCRIPTION AND PRIVACY STATEMENT
Personal Data Act (523/1999, sections 10 and 24)
EU General Data Protection Regulation (GDPR, 2016/679)
Document date 24 May 2018
Last amended 7 September 2022
Kauppakeskus Mylly Oy
Tel. 02 332 3000
2. CONTACT PERSON IN CHARGE OF THE DATA FILE
The person in charge of the data file is Kauppakeskus Mylly’s Security Manager.
Kauppakeskus Mylly Oy
Myllynkatu 1 21280 RAISIO
Tel. 02 332 3000
3. NAME OF DATA FILE
Data protection register for Kauppakeskus Mylly Oy’s camera surveillance.
4. LEGAL BASIS AND PURPOSE OF PROCESSING PERSONAL DATA
The purpose of the camera surveillance system is to protect information and property, prevent abuses and crimes, ensure the safety and legal protection of the people who visit and work in the shopping centre, and to help resolve abuses and crimes that have already occurred. Personal data are not used for automatic decision-making or profiling.
5. CONTENTS OF THE DATA FILE
The data file contains photo footage saved by surveillance cameras. The material is compiled in digital and analog format. Surveillance cameras are located in the premises and yard areas that are under Kauppakeskus Mylly Oy’s control in order to capture images of public premises and areas, as well as premises and areas that are off limits to the public. Images, as well as the date and time, of people and vehicles moving about and loitering in the areas covered by camera surveillance are stored in data files.
6. REGULAR DATA SOURCES
Surveillance camera footage of premises and yard areas that are under Kauppakeskus Mylly Oy’s management. There are no external data sources.
7. REGULAR DISCLOSURES OF DATA AND TRANSFER OF DATA OUTSIDE THE EU OR EEA
The data contained in data files are not disclosed regularly to anyone. Data may only be disclosed within the limits permitted by and obligatory under valid law. Data may also be disclosed to the police or some other competent authority for the purpose of investigating a crime. Such disclosures are always based on a specific request presented by the authority. Data is not transferred outside the EU or EEA. Subcontractors may be used to manage the tasks related to the purpose of the data file.
8. PROTECTION OF THE DATA FILE
Due care is taken when processing the data file, and the data processed using information systems are appropriately protected. Processing rights to the data file are held by designated persons and security personnel. The data file is protected by a password, which is known only by the persons appointed to the task.
9. DATA STORAGE PERIODS
Data are stored for a maximum of thirty (30) days. The storage period varies according to the storage space situation. The data can be kept after the maximum period if necessary to resolve a suspected crime or abuse that came up for investigation before the end of said period.
10. RIGHT TO INSPECT AND EXERCISING THE RIGHT
Every data subject in the data file has the right to inspect their personal data that are saved in the data file and to demand the rectification or erasure of their personal data. If a person wants to inspect the data that have been saved on them or demands that their data be rectified, such a request must be sent in writing to the controller. The controller may, if necessary, ask the person making the request to prove their identity. The controller will respond to the customer within the time frame laid down in the GDPR (as a general rule, within one month).
The data that are stored in the data file will be automatically erased at the latest within thirty (30) days, when the system saves new data over the old data.
11. NOTIFICATION OF RECORDING IN THE DATA FILE
On the exterior doors and entrances of areas protected by camera surveillance, there are stickers and/or signs indicating that the area is under recorded camera surveillance. The data file description for camera surveillance is available in the premises of the Mylly shopping centre. If necessary, the person making the inquiry can be sent a copy of the data file description, or a copy can be printed up for them.